Improper Check in LemonLDAP::NG Prior to 2.20.1 Allows Authenticated User to Increase Authentication Level
CVE-2024-52946

8.8HIGH

Key Information:

Vendor: LemonLDAP::NG
Status: LemonLDAP::NG
Vendor: CVE Published:; 18 November 2024

🔔 Create LemonLDAP::NG Vulnerability Alert

What is CVE-2024-52946?

An issue found in LemonLDAP::NG versions prior to 2.20.1 allows an authenticated user to elevate their authentication level under specific conditions. When an admin configures an 'Adaptive authentication rule' with increment values rather than absolute values, this vulnerability can be exploited, potentially affecting the security integrity of the user sessions.

References

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Nov 18, 2024

CVE-2024-52946 Data

JSON